Answered by:

Windows 2008 R2 with AD integerated DNS

Question

We have Windows 2003 as PDC (holds all fsmo roles), one Windows 2003 additional DC and four Windows 2008R2 additional DC's spanned in a two site active directory domain. All DC's are GC's. Windows 2003 PDC and the other 2003 additional DC's are DHCP and
DNS servers. We also have two Windows 2008R2 additional DC's at Site1which has DNS running. All DC's point to itself as primary DNS and has other DC's IP as additional/ alternate DNS server. We don't have any conditional forwarders configured in DNS.

At Site2 we have two Windows 2008R2 additional DC's. Both these DC's are DNS servers and DHCP servers. My problem is at
Site2.

Per Microsoft recommendation, I have NOT disabled IPV6. We are a pure IPV4 network.

If I do a ipconfig /all from one/ all of these DC's at Site2, I see my DNS has ::1, IP address of additional DC1 and IP address of additional DC2 at
Site2.When Ido a nslookupat this site, first I get an unknown server with request time out. Now I try aol.com I get request time out. I try aol.com again from same cmd window I get response back. What is causing this delay? Is it IPV6?

I prefer to stick with MS recommendation of not disabling IPV6. I like to hear whether it's a safe approach to disable IPV6 on domain controller and have it running on Exchange 2010 boxes. To me it doesn't make sense, but I like to hear your thoughts.

I agree as well, Mike. I've seen issues with NPSI causing GC communication issues between Exchagne and a 2008 DC. After research and even contacting Microsoft PSS back in 2008, they suggested to disable IPv6. There are known issues with IPv6,
and if not being used, pull it out! :-)

I have an article on disabling IPv6 that should walk you through step by step. Ther are some apps that use it but the I can't think of any Business application that it would break. IIRC, ipv6 and video conferencing might not work or something
similar but all of our server class machines have all had this disabled for now.

I agree as well, Mike. I've seen issues with NPSI causing GC communication issues between Exchagne and a 2008 DC. After research and even contacting Microsoft PSS back in 2008, they suggested to disable IPv6. There are known issues with IPv6,
and if not being used, pull it out! :-)

Miles forwarded this URL http://technet.microsoft.com/en-us/magazine/2009.07.cableguy.aspx to me a while ago which talks about disabling IPV6. This is the scariest paragraph:

The Argument against Disabling IPv6

It is unfortunate that some organizations disable IPv6 on their computers running Windows Vista or Windows Server 2008, where it is installed and enabled by default. Many disable IPv6-based on the assumption that they are not
running any applications or services that use it. Others might disable it because of a misperception that having both IPv4 and IPv6 enabled effectively doubles their DNS and Web traffic. This is not true.

From Microsoft's perspective, IPv6 is a mandatory part of the Windows operating system and it is enabled and included in standard Windows service and application testing during the operating system development process. Because
Windows was designed specifically with IPv6 present, Microsoft does not perform any testing to determine the effects of disabling IPv6. If IPv6 is disabled on Windows Vista, Windows Server 2008, or later versions, some components will not function. Moreover,
applications that you might not think are using IPv6—such as Remote Assistance, HomeGroup, DirectAccess, and Windows Mail—could be.

Therefore, Microsoft recommends that you leave IPv6 enabled, even if you do not have an IPv6-enabled network, either native or tunneled. By leaving IPv6 enabled, you do not disable IPv6-only applications and services (for example,
HomeGroup in Windows 7 and DirectAccess in Windows 7 and Windows Server 2008 R2 are IPv6-only) and your hosts can take advantage of IPv6-enhanced connectivity.

So I focussed more on disabling IPv6 for DNS services. I got the IDX # of the NIC by running
netsh interface ipv6 show interfaces and then deleted IPv6 for that interface by running
netshinterface ipv6 delete dnssserver name="IDX#" address=::1.
Once I delete IPv6 interface from DNS, nslookup doesn't time out and websites load fast.

While researching on disabling IPv6 I came across a KB from MS,
http://support.microsoft.com/kb/929852. I am confused with the Fix it as it has several options. Which one should I use to disable IPv6 and what is the difference between each?

I have an article on disabling IPv6 that should walk you through step by step. Ther are some apps that use it but the I can't think of any Business application that it would break. IIRC, ipv6 and video conferencing might not work or something
similar but all of our server class machines have all had this disabled for now.

as you realize some problems i would follow the articles about disabling IPv6 as already posted. If this doesn't resolve the issue i would enable it again. If it helps leave it disabled until you have applications/services that require it enabled. Then you
have to do some more testing.

I always try to work with it enabled until problems occur, then i disable it for testing.

Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

How's everything going? I want to check if the suggestions have helped or if you need further assistance.

Thanks.

This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can
be beneficial to other community members reading the thread.

What you're saying makes sense, however, IPv6 has not been widely adopted yet. I imagine that once the need really kicks in place, such as what you're suggesting with China's Gen-y population becoming more and more adept into the information age with additional
smartphones, etc, it will spark an IPv6 revolution. We just haven't seen it yet, but I'm sure all future devices will have IPv6 technology in place to handle the additional requirements. But of course, it depends on all the ISPs to provide IPv6 connectivity,
which not all have yet adopted.